Issues in ContentReviewDefaultSettings.php (master) - Issues in master - silverstripe/silverstripe-contentreview - Measure and Improve Code Quality continuously with Scrutinizer

Issues (93)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Extensions/ContentReviewDefaultSettings.php (1 issue)

Labels

Unused Code 1

Severity

Minor 1

Robbie Averill 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace SilverStripe\ContentReview\Extensions;

use SilverStripe\Core\Config\Config;
use SilverStripe\Control\Email\Email;
use SilverStripe\Forms\DropdownField;
use SilverStripe\Forms\FieldList;
use SilverStripe\Forms\ListboxField;
use SilverStripe\Forms\LiteralField;
use SilverStripe\Forms\TextareaField;
use SilverStripe\Forms\TextField;
use SilverStripe\ORM\DataExtension;
use SilverStripe\Security\Group;
use SilverStripe\Security\Member;
use SilverStripe\Security\Permission;

/**
 * This extensions add a default schema for new pages and pages without a content
 * review setting.
 *
 * @property int $ReviewPeriodDays
 */
class ContentReviewDefaultSettings extends DataExtension
{
    /**
     * @config
     *
     * @var array
     */
    private static $db = array(
        'ReviewPeriodDays' => 'Int',
        'ReviewFrom' => 'Varchar(255)',
        'ReviewSubject' => 'Varchar(255)',
        'ReviewBody' => 'HTMLText',
    );

    /**
     * @config
     *
     * @var array
     */
    private static $defaults = array(
        'ReviewSubject' => 'Page(s) are due for content review',
        'ReviewBody' => '<h2>Page(s) due for review</h2><p>There are $PagesCount pages that are due for review today by you.</p>',
    );

    /**
     * @config
     *
     * @var array
     */
    private static $many_many = array(
        'ContentReviewGroups' => Group::class,
        'ContentReviewUsers' => Member::class,
    );

    /**
     * Template to use for content review emails.
     *
     * This should contain an $EmailBody variable as a placeholder for the user-defined copy
     *
     * @config
     *
     * @var string
     */
    private static $content_review_template = 'SilverStripe\\ContentReview\\ContentReviewEmail';


    /**
     * @return string
     */
    public function getOwnerNames()
    {
        $names = array();

        foreach ($this->OwnerGroups() as $group) {
            $names[] = $group->getBreadcrumbs(' > ');
        }

        foreach ($this->OwnerUsers() as $group) {
            $names[] = $group->getName();
        }

        return implode(', ', $names);
    }

    /**
     * @return ManyManyList
     */
    public function OwnerGroups()
    {
        return $this->owner->getManyManyComponents('ContentReviewGroups');
    }

    /**
     * @return ManyManyList
     */
    public function OwnerUsers()
    {
        return $this->owner->getManyManyComponents('ContentReviewUsers');
    }

    /**
     * @param FieldList $fields
     */
    public function updateCMSFields(FieldList $fields)
    {
        $helpText = LiteralField::create(
            'ContentReviewHelp',
            _t(
                'ContentReview.DEFAULTSETTINGSHELP',
                'These settings will apply to all pages that do not have a specific Content Review schedule.'
            )
        );

        $fields->addFieldToTab('Root.ContentReview', $helpText);

        $reviewFrequency = DropdownField::create(
            'ReviewPeriodDays',
            _t('ContentReview.REVIEWFREQUENCY', 'Review frequency'),
            SiteTreeContentReview::get_schedule()
        )
            ->setDescription(_t(
                'ContentReview.REVIEWFREQUENCYDESCRIPTION',
                'The review date will be set to this far in the future, whenever the page is published.'
            ));

        $fields->addFieldToTab('Root.ContentReview', $reviewFrequency);

        $users = Permission::get_members_by_permission(array(
            'CMS_ACCESS_CMSMain',
            'ADMIN',
        ));

        $usersMap = $users->map('ID', 'Title')->toArray();
        asort($usersMap);

        $userField = ListboxField::create('OwnerUsers', _t('ContentReview.PAGEOWNERUSERS', 'Users'), $usersMap)
            ->setAttribute('data-placeholder', _t('ContentReview.ADDUSERS', 'Add users'))
            ->setDescription(_t('ContentReview.OWNERUSERSDESCRIPTION', 'Page owners that are responsible for reviews'));

        $fields->addFieldToTab('Root.ContentReview', $userField);

        $groupsMap = array();

        foreach (Group::get() as $group) {
            // Listboxfield values are escaped, use ASCII char instead of &raquo;
            $groupsMap[$group->ID] = $group->getBreadcrumbs(' > ');
        }

        asort($groupsMap);

        $groupField = ListboxField::create('OwnerGroups', _t('ContentReview.PAGEOWNERGROUPS', 'Groups'), $groupsMap)
            ->setAttribute('data-placeholder', _t('ContentReview.ADDGROUP', 'Add groups'))
            ->setDescription(_t('ContentReview.OWNERGROUPSDESCRIPTION', 'Page owners that are responsible for reviews'));

        $fields->addFieldToTab('Root.ContentReview', $groupField);

        // Email content
        $fields->addFieldsToTab(
            'Root.ContentReview',
            array(
                TextField::create('ReviewFrom', _t('ContentReview.EMAILFROM', 'From email address'))
                    ->setDescription(_t('Review.EMAILFROM_RIGHTTITLE', 'e.g: [email protected]')),
                TextField::create('ReviewSubject', _t('ContentReview.EMAILSUBJECT', 'Subject line')),
                TextAreaField::create('ReviewBody', _t('ContentReview.EMAILTEMPLATE', 'Email template')),
                LiteralField::create(
                    'TemplateHelp',
                    $this->owner->renderWith('SilverStripe\\ContentReview\\ContentReviewAdminHelp')
                ),
            )
        );
    }

    /**
     * Get all Members that are default Content Owners. This includes checking group hierarchy
     * and adding any direct users.
     *
     * @return ArrayList
     */
    public function ContentReviewOwners()
    {
        return SiteTreeContentReview::merge_owners($this->OwnerGroups(), $this->OwnerUsers());
    }

    /**
     * Get the review body, falling back to the default if left blank.
     *
     * @return string HTML text
     */
    public function getReviewBody()
    {
        return $this->getWithDefault('ReviewBody');
    }

    /**
     * Get the review subject line, falling back to the default if left blank.
     *
     * @return string plain text value
     */
    public function getReviewSubject()
    {
        return $this->getWithDefault('ReviewSubject');
    }

    /**
     * Get the "from" field for review emails.
     *
     * @return string
     */
    public function getReviewFrom()
    {
        $from = $this->owner->getField('ReviewFrom');
        if ($from) {
            return $from;
        }

        // Fall back to admin email
        return Config::inst()->get(Email::class, 'admin_email');
    }

    /**
     * Get the value of a user-configured field, falling back to the default if left blank.
     *
     * @param string $field
     *
     * @return string
     */
    protected function getWithDefault($field)
    {
        $value = $this->owner->getField($field);
        if ($value) {
            return $value;
        }
        // fallback to default value
        $defaults = $this->owner->config()->get('defaults');
        if (isset($defaults[$field])) {
            return $defaults[$field];
        }
    }
}


1			<?php
2
3			namespace SilverStripe\ContentReview\Extensions;
4
5			use SilverStripe\Core\Config\Config;
6			use SilverStripe\Control\Email\Email;
7			use SilverStripe\Forms\DropdownField;
8			use SilverStripe\Forms\FieldList;
9			use SilverStripe\Forms\ListboxField;
10			use SilverStripe\Forms\LiteralField;
11			use SilverStripe\Forms\TextareaField;
12			use SilverStripe\Forms\TextField;
13			use SilverStripe\ORM\DataExtension;
14			use SilverStripe\Security\Group;
15			use SilverStripe\Security\Member;
16			use SilverStripe\Security\Permission;
17
18			/**
19			* This extensions add a default schema for new pages and pages without a content
20			* review setting.
21			*
22			* @property int $ReviewPeriodDays
23			*/
24			class ContentReviewDefaultSettings extends DataExtension
25			{
26			/**
27			* @config
28			*
29			* @var array
30			*/
31			private static $db = array(
32			'ReviewPeriodDays' => 'Int',
33			'ReviewFrom' => 'Varchar(255)',
34			'ReviewSubject' => 'Varchar(255)',
35			'ReviewBody' => 'HTMLText',
36			);
37
38			/**
39			* @config
40			*
41			* @var array
42			*/
43			private static $defaults = array(
44			'ReviewSubject' => 'Page(s) are due for content review',
45			'ReviewBody' => '<h2>Page(s) due for review</h2><p>There are $PagesCount pages that are due for review today by you.</p>',
46			);
47
48			/**
49			* @config
50			*
51			* @var array
52			*/
53			private static $many_many = array(
54			'ContentReviewGroups' => Group::class,
55			'ContentReviewUsers' => Member::class,
56			);
57
58			/**
59			* Template to use for content review emails.
60			*
61			* This should contain an $EmailBody variable as a placeholder for the user-defined copy
62			*
63			* @config
64			*
65			* @var string
66			*/
67			private static $content_review_template = 'SilverStripe\\ContentReview\\ContentReviewEmail';
			0 ignored issues – show Unused Code introduced 2017-09-12 02:15 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `$content_review_template` is not used and could be removed. This check marks private properties in classes that are never used. Those properties can be removed. Loading history...
68
69			/**
70			* @return string
71			*/
72			public function getOwnerNames()
73			{
74			$names = array();
75
76			foreach ($this->OwnerGroups() as $group) {
77			$names[] = $group->getBreadcrumbs(' > ');
78			}
79
80			foreach ($this->OwnerUsers() as $group) {
81			$names[] = $group->getName();
82			}
83
84			return implode(', ', $names);
85			}
86
87			/**
88			* @return ManyManyList
89			*/
90			public function OwnerGroups()
91			{
92			return $this->owner->getManyManyComponents('ContentReviewGroups');
93			}
94
95			/**
96			* @return ManyManyList
97			*/
98			public function OwnerUsers()
99			{
100			return $this->owner->getManyManyComponents('ContentReviewUsers');
101			}
102
103			/**
104			* @param FieldList $fields
105			*/
106			public function updateCMSFields(FieldList $fields)
107			{
108			$helpText = LiteralField::create(
109			'ContentReviewHelp',
110			_t(
111			'ContentReview.DEFAULTSETTINGSHELP',
112			'These settings will apply to all pages that do not have a specific Content Review schedule.'
113			)
114			);
115
116			$fields->addFieldToTab('Root.ContentReview', $helpText);
117
118			$reviewFrequency = DropdownField::create(
119			'ReviewPeriodDays',
120			_t('ContentReview.REVIEWFREQUENCY', 'Review frequency'),
121			SiteTreeContentReview::get_schedule()
122			)
123			->setDescription(_t(
124			'ContentReview.REVIEWFREQUENCYDESCRIPTION',
125			'The review date will be set to this far in the future, whenever the page is published.'
126			));
127
128			$fields->addFieldToTab('Root.ContentReview', $reviewFrequency);
129
130			$users = Permission::get_members_by_permission(array(
131			'CMS_ACCESS_CMSMain',
132			'ADMIN',
133			));
134
135			$usersMap = $users->map('ID', 'Title')->toArray();
136			asort($usersMap);
137
138			$userField = ListboxField::create('OwnerUsers', _t('ContentReview.PAGEOWNERUSERS', 'Users'), $usersMap)
139			->setAttribute('data-placeholder', _t('ContentReview.ADDUSERS', 'Add users'))
140			->setDescription(_t('ContentReview.OWNERUSERSDESCRIPTION', 'Page owners that are responsible for reviews'));
141
142			$fields->addFieldToTab('Root.ContentReview', $userField);
143
144			$groupsMap = array();
145
146			foreach (Group::get() as $group) {
147			// Listboxfield values are escaped, use ASCII char instead of »
148			$groupsMap[$group->ID] = $group->getBreadcrumbs(' > ');
149			}
150
151			asort($groupsMap);
152
153			$groupField = ListboxField::create('OwnerGroups', _t('ContentReview.PAGEOWNERGROUPS', 'Groups'), $groupsMap)
154			->setAttribute('data-placeholder', _t('ContentReview.ADDGROUP', 'Add groups'))
155			->setDescription(_t('ContentReview.OWNERGROUPSDESCRIPTION', 'Page owners that are responsible for reviews'));
156
157			$fields->addFieldToTab('Root.ContentReview', $groupField);
158
159			// Email content
160			$fields->addFieldsToTab(
161			'Root.ContentReview',
162			array(
163			TextField::create('ReviewFrom', _t('ContentReview.EMAILFROM', 'From email address'))
164			->setDescription(_t('Review.EMAILFROM_RIGHTTITLE', 'e.g: [email protected]')),
165			TextField::create('ReviewSubject', _t('ContentReview.EMAILSUBJECT', 'Subject line')),
166			TextAreaField::create('ReviewBody', _t('ContentReview.EMAILTEMPLATE', 'Email template')),
167			LiteralField::create(
168			'TemplateHelp',
169			$this->owner->renderWith('SilverStripe\\ContentReview\\ContentReviewAdminHelp')
170			),
171			)
172			);
173			}
174
175			/**
176			* Get all Members that are default Content Owners. This includes checking group hierarchy
177			* and adding any direct users.
178			*
179			* @return ArrayList
180			*/
181			public function ContentReviewOwners()
182			{
183			return SiteTreeContentReview::merge_owners($this->OwnerGroups(), $this->OwnerUsers());
184			}
185
186			/**
187			* Get the review body, falling back to the default if left blank.
188			*
189			* @return string HTML text
190			*/
191			public function getReviewBody()
192			{
193			return $this->getWithDefault('ReviewBody');
194			}
195
196			/**
197			* Get the review subject line, falling back to the default if left blank.
198			*
199			* @return string plain text value
200			*/
201			public function getReviewSubject()
202			{
203			return $this->getWithDefault('ReviewSubject');
204			}
205
206			/**
207			* Get the "from" field for review emails.
208			*
209			* @return string
210			*/
211			public function getReviewFrom()
212			{
213			$from = $this->owner->getField('ReviewFrom');
214			if ($from) {
215			return $from;
216			}
217
218			// Fall back to admin email
219			return Config::inst()->get(Email::class, 'admin_email');
220			}
221
222			/**
223			* Get the value of a user-configured field, falling back to the default if left blank.
224			*
225			* @param string $field
226			*
227			* @return string
228			*/
229			protected function getWithDefault($field)
230			{
231			$value = $this->owner->getField($field);
232			if ($value) {
233			return $value;
234			}
235			// fallback to default value
236			$defaults = $this->owner->config()->get('defaults');
237			if (isset($defaults[$field])) {
238			return $defaults[$field];
239			}
240			}
241			}
242

silverstripe / silverstripe-contentreview

Issues (93)

Security Analysis not enabled

src/Extensions/ContentReviewDefaultSettings.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like